Turkish Hackers Threaten To Break Into Armenian State Agency Websites

The Turkish hacker group had attacked FC Spartak Moscow’s official website.

The Turkish hacker group named Ayyıldız (Moonstar), which had attacked FC Spartak Moscow’s official website—after Yerkramas newspaper of the Russian Armenians had run an article entitled “Spartak fans will wave Armenia’s and Artsakh’s [Nagorno-Karabakh Republic] flags in Istanbul”—had threatened to break into Armenian state agency websites, too.

The group had stated that it was decided to attack the websites of Armenia’s General Staff of the Armed Forces and the country’s other state agencies, if Spartak fans carry out provocations in the match to be played in Istanbul between Fenerbahce S.K. of Istanbul and FC Spartak Moscow, Yenisafak daily of Turkey reports.

The UEFA Champions League qualifications second-leg match between the two clubs was played Wednesday under very tight security and no serious incidents were recorded.

As NEWS.am Sport reported earlier, Turkish hackers broke into FC Spartak Moscow’s official website on the evening of August 22, and the website has been down ever since. The hackers attacked the website on Monday, too.

The portrait of Mustafa Kemal Ataturk—founder of the Rep. of Turkey—appeared on the website’s homepage on August 22, and with the following inscription: “Immediately apologize to the Turkish nation! FIFA [International Federation of Association Football] did not heed this fact, but we will not leave this crime unpunished.”

To note, during the UEFA Champions League qualifications first-leg match played on August 21 in Moscow, and between FC Spartak Moscow and Fenerbahce S.K. of Istanbul, Turkey—which ended by a score of 2-1 in favor of the host club—the Spartak fans in the stands had burned posters with the portrait of Ataturk.

Also, it became apparent that the Russian fans had attacked the Turkish football fans in the Russian capital, even before the match. Close to twenty Spartak fans had attacked twelve Fenerbahce fans in a downtown Moscow bar.

Although few people expected it (many hoped), Oracle has released an out-of-band patch to address the zero-day flaw that affects Java Runtime Environment (JRE) 7. Since attacks that rely on this vulnerability have already been spotted, the company advises users to immediately apply the patch.

The patch addresses three different, but related, bugs that don’t affect standalone desktop applications or servers. However, they affect Java running in desktop web browsers.

“Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible,” said Eric Maurice, director of software security assurance at Oracle.

“Furthermore, note that the technical details of these vulnerabilities are widely available on the Internet and Oracle has received external reports that these vulnerabilities are being actively exploited in the wild.”

Yesterday we reported that users from the Netherlands were targeted with VAT rate increase emails that led to this particular exploit. Similar campaigns are most likely already active and new ones will probably emerge in the upcoming days.

It’s likely that this vulnerability will be exploited for quite some time because, as we’ve seen on numerous occasions, many users fail to apply patches in time.

Hopefully, at least companies will rush to apply the patch to ensure that cybercriminals are not able to disrupt their business workflow.

The fact that this JRE vulnerability caused so much havoc once again highlights a very important thing. Dangerous security holes are discovered all the time in Java, and although many users don’t actually utilize it, they keep it installed on their computers.

We advise you to take a good look at the applications you’re using and the websites you’re surfing. In case they don’t require Java (most of them don’t), be sure to uninstall it.

The latest (patched) version of Java Runtime Environment is available for download here.

PhonepayPlus, the organization that regulates all premium rate phone services in the UK, has ordered a Russian company – Connect Ltd – to pay a fine and refund users after researchers highlighted the fact that an application it owned was attempting to trick Android users into signing up to expensive mobile services.

Developers create malicious applications that sign up users to shady mobile services and send SMS messages to premium rate numbers. When security firms find the malware, they place it on a blacklist and warn users about it, thus preventing the crooks from stealing more money. Then it starts all over again with the release of new malware.

However, this may not always be the case and there may be some good news for those who have fallen victim to such crimes, Graham Cluley of Sophos reports.

Back in February, we learned of an application that tricked Facebook users into installing a malicious application on their Android phones. Once it found itself on a phone, the malware sent out an SMS message and subscribed the unwitting individual to a premium service.

After confirming that the application in question exhibited suspicious behavior and after determining that the victims might have paid as much as £250,000 ($395,950 or €314,000) for the shady services, PhonepayPlus decided to fine the company.

In case the company doesn’t comply and pay the £50,000 ($79,000 or €63,000) fine and refund all the victims (whether they filed a complaint or not), the agency has the ability to “bring a breach of sanction case” in which a court could impose even tougher penalties.

Besides the considerable fine, in the next couple of years, Connect Ltd will also have to ask PhonepayPlus for permission to offer premium rate services to UK citizens.

Unknown Virus Disrupts World’s Second Largest Liquefied Natural Gas Company

Another mysterious virus hits the Middle East. This time, the victim is RasGas – a Qatar-based company that’s considered to be the second largest liquefied natural gas (LNG) producer in the world, after Qatargas.

According to Arabian Oil and Gas, the virus disrupted the company’s offices, forcing them to shut down their systems, including the public-facing website rasgas.com.

The organization’s representatives state that cargo deliveries and operations in Ras Laffan Industrial City haven’t been impacted by the incident.

This is the second time this month that such a firm has become the target of hackers. Earlier in August, multiple hacktivist groups took credit for disrupting the operations of Saudi Aramco, the world’s largest oil company.

At the time, experts found that the attack – which affected some 30,000 computers – might have involved a piece of malware known as Shamoon. The malware covers its tracks by overwriting the stolen files and by completely wiping the infected device’s master boot record.

Saudi Aramco admitted that its systems have been infected with a virus, but a statement released a few days ago reveals the fact that the organization has addressed the problem.

“We addressed the threat immediately, and our precautionary procedures, which have been in place to counter such threats, and our multiple protective systems, have helped to mitigate these deplorable cyber threats from spiraling,” stated Khalid A. Al-Falih, president of Saudi Aramco.

On the other hand, one of the hacker crews that took credit for the attack claims to have hit the company once again on August 25. On this occasion they leaked the details of core, backup and middle routers.

Similar to Saudi Aramco, RasGas is expected to publish a statement after its systems are back online. For now, rasgas.com is still unavailable to visitors.

Scientists Warn of Brain Hacking Via BCI Gadgets

If you're already skeptical about brain-computer interface (BCI) technology you'll probably laugh twice as hard at the notion that hackers could potentially hack brainwave-scanning products like NeuroSky's Necomimi Brainwave Cat Ears or Mattel's MindFlex Duel game to steal your very thoughts.

And you'd be right to be so dubious—up to a point. Yes, true mind-reading is still the stuff of science fiction. But BCI really does work in its limited capacity. And now an international team of researchers says it's shown that captured electro-encephalography (EEG) signals from common consumer BCI devices can be mined to significantly increase the odds of guessing a user's private information.

In a recently published study, researchers from Oxford University, UC Berkeley, and the University of Geneva report having better success at gleaning BCI device users' bank card information, PIN numbers, area of living, and other private info than by simply guessing randomly.

It's not mind-reading, but the scientists say they've shown "that the entropy of the private information is decreased on the average by approximately 15 to 40 percent compared to random guessing attacks."

That's obviously not an insignificant edge and one that might worry owners of popular BCI devices used for gaming, entertainment, relaxation, or wiggling prosthetic cat ears. Particularly since the researchers say nobody's really even thought to try to secure the EEG signals propagated by such gadgets.

How could a BCI device user have his or her brain hacked? The team posits that "by manipulating the visual stimuli presented on screen [to a BCI device user] and by analyzing the corresponding responses in the EEG signal" a malicious individual could significantly increase the odds of figuring out the user's private information.

Kitting out subjects with an Emotiv EPOC device, the team flashed on-screen images of things like maps, an ATM machine, and a bank card at them to try to flush out brainwave activity that might offer hints to a person's PIN number, geolocation, and where they bank. Some experiments utilized passive methods while others involved directly asking a subject what month they were born, for example.

After crunching the EEG numbers they got back through their algorithms, the researchers report that experiments designed to mine PIN numbers resulted in first guesses being correct 20 percent of the time, a 30 percent success rate for tests designed to determine a subject's location, and a very impressive 60 percent success rate for identifying users' month of birth.

Part of a Hertfordshire Police web site has been hacked, with the attacker uploading his stupid treasure trove of IP addresses and phone numbers of officers online.

Hertfordshire Police says the stolen data was hosted externally on a database associated with some sort of Neighbourhood Watch scheme, so the hacker wasn’t exactly setting his sights particularly high. The police site has been taken offline while staff investigate what was accessed and what actually turned up online as a result.

The hacker added the banner “OpFreeAssange” to the data he published along with quotes from the famous Ecuadorian immigrant, so it looks like this is some sort of weird revenge attack against authorities for pestering poor Julian — although the person responsible also said he wasn’t part of the notorious Anonymous collective.

Pakistani hackers named Cfr and Dr Ninja from Robot Pirates hacked 50 government sites. EU government servers are considered to be among the most secure servers in the world, and it is definitely not easy to break the security of servers like these. This also raises a lot of questions for security experts about how much more security is needed in cyberspace.

The list of impacted sites was published on Pastebin yesterday, but at press time, most of them still weren’t restored.

The US Air Force is spending $10 million on an effort to hack into opponents’ computer networks to “destroy, deny, degrade, disrupt, deceive, corrupt or usurp” their ability to use the Internet to their advantage.

The ability to hack into networks is part of a list of the military’s “Cyberspace Warfare Operations Capabilities” that it wishes to acquire, reports Wired.

Instead of giving the ability to conduct cyber strikes solely to the White House, the Air Force wants its Trojans and worms to be available to its own officials, including top personnel and operational commanders.

Last week, the Pentagon announced a new $110 million program to make cyber strikes a more routine effort in wartime military operations. “Plan X,” as the Pentagon named it, will officially begin on September 20, but Darpa has already invested $600,000 in cyber security firm Invincea to begin its research immediately.

In early 2007, the Pentagon declared that it “had no plans to shift its cyber warfare focus from a defensive mindset to an offensive one.” But later that year, the Air Force began developing offensive cyber attack strategies, which have materialized into budgeted plans this year.

Other branches of the military are also discussing hacking as a war strategy.

“I can tell you that as a commander in Afghanistan in the year 2010, I was able to use my cyber operations against my adversary with great impact,” said Lt. Gen. Richard Mills at a technology conference last week. The lieutenant general also discussed a Marine company that will be stationed at the National Security Agency to “increase the availability of intelligence analysts, intelligence collectors and offensive cyber operations … so that forward deployed commander in the heat of combat has full access to the cyber domain.”

Invincea, the company in charge of putting together the cyber security project, was contracted one month after it contacted the government with its proposal. The firm has worked with the government before, analyzing cyber attacks facing the US.

As malware becomes increasingly more common, the US has changed its cyber status from defensive to offensive.

RasGas confirmed the situation by fax yesterday. “RasGas is presently experiencing technical issues with its office computer systems,” said the RasGas fax seen by Oil & Gas Middle East, dated 28 August. “We will inform you when our system is back up and running.”

Emails to verified addresses at RasGas bounced back with a permanent delivery failure error message, and the RasGas website (www.rasgas.com) is down.

The RasGas spokesman said the virus has “no impact whatsoever on operations in Ras Laffan Industrial City and there are no issues with cargo deliveries.”

“Everyone is reporting to work as normal,” the spokesman said. “We are working with ICT Qatar to resolve the situation as soon as possible.”

The news follows a malware attack against Saudi Aramco on 15 August which forced the world's largest oil company to take down its company-wide office systems for 12 days.

RasGas, a joint venture between QP and ExxonMobil, comprises seven giant LNG process trains in Ras Laffan, Qatar. The company exports 36.3m tonnes a year of LNG, most of it under long-term contracts with customers in Korea, India, Italy, Spain, Belgium, Taiwan, and the Americas. The company is also responsible for around 10% of global helium production.

The members of the now-infamous RedHack collective are displeased with the fact that Anonymous Turkey (AnonsTurkey) is relying on the Anonymous name “for their personal interests.”

The hacktivists released a statement to ensure that everyone understands that they’re not against Anonymous, but they’re against the teenagers who run AnonsTurkey.

“Relationship between Redhack and Anonymous goes back to the time of 4chan in 2005. We continue to be in solidarity with active and true hackers within Anonymous and offer our help within our capabilities when it is required,” members of RedHack said.

RedHack coordinated numerous Anonymous Turkey operations, but at one point some of the members of the latter group decided to take matters into their own hands.

“We always thought that they were young and might change positively. But then they were not happy about us being socialist and our revolutionary values were hard for them to accept,” they explained.

“According to them we should act within the norms of ‘official ideology’ and act around the chauvinism that was imposed on people and the brotherhood relations with the Kurdish people should have been cut off.”

The members of Anonymous Turkey who didn’t condone RedHack’s views formed their own “Anonymous Turkey” (AnonsTurkey).

When the controversial hackers were designated as terrorists by the Turkish government, this new collective declared its support, but because of their “track record” RedHack turned down their offer.

Immediately after, AnonsTurkey announced that they no longer support RedHack and a feud began.

RedHack members conclude their statement by saying that their relations with AnonsTurkey will not influence their relationship with Anonymous activists in any way.

On the other hand, it’s almost impossible for all hackers to get along with one another when the Anonymous name is free-for-all. A similar situation occurred when the protest against the Republican National Convention in Tampa was announced.

After further analyzing the traces of the mysterious Wiper malware, researchers are still unable to precisely determine how it works. They also haven’t been able to find a clear link between it and Duqu, Stuxnet or Flame.

Back in April, the Iranian Oil Ministry reported sightings of a destructive piece of malware that attempted to extract information and then wipe it from the infected devices, hence the name Wiper.

Kaspersky was called in to analyze the attack that took place sometime between April 21 and April 30. The malware’s developers destroyed all the pieces of information that could be used to properly analyze Wiper.

However, their investigation led them to another interesting thing: the now-infamous Flame.

“The malware was so well written that once it was activated, no data survived,” Kaspersky experts explained.

“So, although we’ve seen traces of the infection, the malware is still unknown because we have not seen any additional wiping incidents that followed the same pattern as Wiper, and no detections of the malware have appeared in the proactive detection components of our security solutions.”

They claim that we may never find out precisely what Wiper was and although it led them to discover Flame, they believe that the two are not connected.

Some common filenames indicate a possible connection to Duqu and Stuxnet, but there isn’t enough evidence to say this for sure.

Furthermore, experts believe that the creators of Shamoon, the recently discovered malware, have been inspired by Wiper to develop their own Trojan.

“The fact that the use of Wiper led to the discovery of the 4- or 5-year-old Flame cyber-espionage campaign raises a major question. If the same people who created Duqu/Stuxnet/Flame also created Wiper, was it worth blowing the cover of a complex cyber-espionage campaign such as Flame just to destroy a few computer systems?” experts concluded.

Last week we reported about the existence of a Facebook scam that was trying to trick users into visiting various websites by promising them $500 gift vouchers from Woolworths. Now, the Australian supermarket chain’s reputation is once again used in a malicious campaign.

It all starts with an email entitled “Customer Satisfaction Survey” which reads: You have been selected to access the Woolworths 5 questions Survey and win a $50.00 gift certificate. Please click here and complete the form to receive your reward. Thank you.

Those unfortunate enough to fall for it and click on the link are taken to a webpage that displays a standard survey with questions such as “Do you think Woolworths employees are friendly and helpful?”

However, the fact that the user provides the answers to the five questions isn’t the main issue, Hoax Slayer notes.

In order for the $50 (€40) credit to be added to their accounts, customers must provide their personal details, including name, address, suburb, postal code, driver license, Medicare card number, individual reference number, date of birth, credit card number, expiration date and CVV.

Once the Continue button is pressed, all this valuable information is stored in a database owned and controlled by the cybercriminals who run the campaign.

To ensure that they can trick as many people as they can, the phishers added the following message to the top of the malicious webpage: Only one survey per credit card is allowed. If you own multiple cards you can run the survey again for each.

This way they can obtain the details from multiple credit or debit cards from one single victim.

Those who have already fallen for this scam and provided the fraudsters with their details are advised to immediately contact the card issuer. The large amount of information could also be used to commit identity theft, which is why we recommend that victims contract the services of a company that deals with fraud prevention.

Around one and a half years ago, malicious emails claiming to originate from Intuit attempted to convince recipients that they need to install a piece of software in order to access their QuickBooks accounts, giving them a three-day deadline to comply.

It seems that this spam campaign has been reinitialized in an attempt to steal sensitive information from Intuit customers. Here’s what these emails look like:

You will not be able to access your Intuit QuickBooks account without Intuit Security Tool (IST) after 31th of August, 2012.

You can download Intuit Security Tool here.

After a successful download please run the setup for an automatic installation, then login to Intuit Quickbooks online to check that it is working properly.

Basically, the email looks exactly the same as the old variant, but the cybercrooks updated the date, and most likely they’ll continue doing so.

The links from the email currently lead to a compromised website from Denmark on which the cybercriminals planted a phishing webpage.

The company has warned users to avoid such emails ever since the campaign started. They highlight the fact that legitimate emails will never contain “software update” or “software download” attachments.

Furthermore, Intuit will never ask customers for their usernames and passwords. Finally, similar to other organizations, they promise never to request banking information or credit card details via email.

And this is not the only type of Intuit email you should beware of. Back in June we reported that fake Intuit tax information update notifications were making the rounds, luring recipients to another hijacked website from Denmark.

Users are advised to report any suspicious emails to spoof@intuit.com. By reporting suspicious emails you can help the company keep all its customers informed on the latest threats that may be leveraging its reputation to cause damage to the computers of unsuspecting internauts.

Times reporter arrested over police blogger hacking

Senior executives at The Times newspaper could be questioned by police investigating allegations of computer hacking after a former reporter was arrested on suspicion of conspiracy to pervert the course of justice.

Patrick Foster, 28, a former media reporter at Rupert Murdoch’s paper, was arrested at his North London home this morning for allegedly hacking into the email account of an anonymous police blogger named Nightjack in 2009.

The Times subsequently went to the High Court and successfully overturned an injunction banning them from naming Nightjack as Lancashire Police detective Richard Horton.

At the hearing before Mr Justice Eady in June 2009, lawyers for the newspaper argued that Mr Foster had used legitimate journalistic methods to identify Mr Horton.

But the paper’s editor James Harding was later forced to apologise to Mr Justice Eady and Mr Horton, after admitting senior figures had failed to disclose that they knew about the computer hacking when the hearing took place.

In March this year the newspaper’s former legal chief, Alastair Brett, came under fire when he gave evidence to the Leveson Inquiry into press standards admitting he had made a “mistake” by failing to divulge that he knew about the hacking before the Times went to court.

Scotland Yard today confirmed that a 28-year-old journalist had been arrested over the alleged computer hacking, stating that he was also being questioned over conspiracy to pervert the course of justice, related to the alleged cover up.

Mr Foster’s arrest is the 11th as part of Operation Tuleta, a Metropolitan Police Investigation into alleged computer hacking by journalists, but the first related to the Nightjack incident.

The Metropolitan Police said in a statement on Wednesday: “Officers from Operation Tuleta, the investigation into criminal breaches of privacy including computer hacking which is being carried out in conjunction with MPS phone-hacking inquiries, arrested a man in North London this morning, 29 August.

“The 28-year-old man, a journalist (Tuleta arrest 11) was arrested at his home address at approximately 07.00 hrs for suspected offences under the Computer Misuse Act 1990 and suspected conspiracy to pervert the course of justice, contrary to the Criminal Law Act 1977.

“He is being questioned at a North London police station about alleged computer hacking relating to the identification of a previously anonymous blogger in 2009.”

The official forum of HostDime has been hacked by 1337. The Pakistani hacker posted a message about their security on their forum by posting a thread. The hacker said that the site could not be defaced because of the .htaccess file that had been added in the admincp file. The .htaccess file listed the specific IP address permitted to access the admincp. Therefore the site could not be defaced. If the hacker had gotten into the admincp, the story might have been totally different.

HostDime is one of the largest web hosting companies. They have their own data centers around the world, with over 2,000,000 websites hosted with them.

Latest Java software opens PCs to hackers: Experts

BOSTON: Computer security firms are urging PC users to disable Java software in their browsers, saying the widely installed, free software from Oracle Corp opens machines to hacker attacks and there is no way to defend against them.

The warnings, which began emerging over the weekend from Rapid7, AlienVault and other cyber security firms, are likely to unnerve a PC community scrambling to fend off growing security threats from hackers, viruses and malware. Researchers have identified code that attacks machines by exploiting a newly discovered flaw in the latest version of Java.

Once in, a second piece of software called "Poison Ivy" is released that lets hackers gain control of the infected computer, said Jaime Blasco, a research manager with AlienVault Labs.

Several security firms advised users to immediately disable Java software - installed in some form on the vast majority of personal computers around the world - in their Internet browsers. Oracle says that Java sits on 97% of enterprise desktops.

"If exploited, the attacker will be able to perform any action the victim can perform on the victim's machine," said Tod Beardsley, an engineering manager with Rapid7's Metasploit division.

Computers can get infected without their users' knowledge simply by a visit to any website that has been compromised by hackers, said Joshua Drake, a senior research scientist with the security firm Accuvant. Java is a computer language that enables programmers to write one set of code to run on virtually any type of machine.

It is widely used on the Internet so that Web developers can make their sites accessible from multiple browsers running on Microsoft Windows PCs or Macs from Apple. An Oracle spokesperson said she could not immediately comment on the matter.

Security experts recommended that users not enable Java for universal use on their browsers. Instead, they said it was safest to allow use of Java browser plug-ins on a case-by-case basis when prompted for permission by trusted programs such as GoToMeeting, a Web-based collaboration tool from Citrix Systems. Rapid7 has set up a Web page that tells users whether their browser has a Java plug-in installed that is vulnerable to attack: www.isjavaexploitable.com

Hackers release one million bank, web account details

A hacking group has released one million records and accounts from banks, government agencies and other sources.

The group, calling itself Team GhostShell, posted compromised databases from a Chinese mainframe, a US stock exchange mainframe and access points to three or four Department of Homeland Security servers among other sources.

Security analysts have confirmed that the data released includes at least 30,000 records, with data including credit histories from banks, administrator login information, usernames and passwords and files from content management systems.

Security company Imperva said that a lot of the data appeared to have been taken using SQL injection attacks.

In a statement accompanying the records, Team GhostShell said that the ‘Project HellFire' release was its "final form of protest this summer against the banks, politicians and for all the fallen hackers this year".

Hackers allegedly breached Saudi Aramco again

Saudi Aramco, the national oil company of Saudi Arabia and the biggest oil company in the world, has issued a statement announcing that it has restored all its main internal network services that were impacted in a recent cyber attack which affected about 30,000 workstations - a number that corresponds with that shared by the Cutting Sword of Justice, the hacker group that took credit for the breach.

The company's primary enterprise systems of hydrocarbon exploration and production were unaffected as they operate on isolated network systems, the statement confirmed. The production plants were also fully operational.

“We addressed the threat immediately, and our precautionary procedures, which have been in place to counter such threats, and our multiple protective systems, have helped to mitigate these deplorable cyber threats from spiraling,” said Khalid A. Al-Falih, president and CEO of Saudi Aramco.

Published on Sunday, the statement doesn't contain any mention about further attacks by the hacker collective, despite one being announced and scheduled for the day before.

But the group didn't remain silent.

"We think it's funny and weird that there are no news coming out from Saudi Aramco regarding Saturday's night," they said in a new Pastebin post. "Well, we expect that but just to make it more clear and prove that we're done with we promised, just read the following facts -valuable ones- about the company's systems."

The post included the email and password of Khalid A. Al-Falih; information and access credentials of the company's core, backup and middle routers; and the security appliances used by the company and the fact that they all still have default passwords.

If the leaked information is legitimate, the situation doesn't bode well for the company, as the hackers announced one last paste, and who knows what information will be revealed in it.

Second accused LulzSec hacker arrested in Sony Pictures breach

(Reuters) - A second suspected member of the clandestine hacking group LulzSec was arrested on Tuesday on charges he took part in an extensive computer breach of Sony Pictures Entertainment, the FBI said.

Raynaldo Rivera, 20, of Tempe, Arizona, surrendered to U.S. authorities in Phoenix six days after a federal grand jury in Los Angeles returned an indictment charging him with conspiracy and unauthorized impairment of a protected computer.

If convicted, Rivera faces up to 15 years in prison.

The indictment, unsealed on Tuesday, accuses Rivera and co-conspirators of stealing information from Sony Corp's Sony Pictures' computer systems in May and June 2011 using an "SQL injection" attack against the studio's website, a technique commonly employed by hackers.

The indictment said Rivera then helped to post the confidential information onto LulzSec's website and announced the intrusion via the hacking group's Twitter account.

While Rivera was the only person named in the indictment, the FBI said his co-conspirators included Cody Kretsinger, 24, a confessed LulzSec member who pleaded guilty in April to federal charges stemming from his role in the Sony attack.

Following the breach, LulzSec published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony, and publicly boasted of its exploits.

"From a single injection we accessed EVERYTHING," the hackers said in a statement at the time. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Authorities have said the Sony breach ultimately cost the company more than $600,000.

LulzSec, an underground group also known as Lulz Security, is an offshoot of the international hacking collective Anonymous and has taken credit for such cyber incursions on a number of government and private sector websites.

The latest indictment says Rivera, who went by the online nicknames of "neuron," "royal" and "wildicv," is suspected of using a proxy server in a bid to conceal his Internet Protocol, or IP, address, and avoid detection.

Court documents revealed in March that an Anonymous leader known as Sabu, whose real name is Hector Monsegur, had pleaded guilty to hacking-related charges and provided information on his cohorts to the FBI.

That same month, five other suspected leaders of Anonymous, all of them alleged to be LulzSec members as well, were charged by federal authorities with computer hacking and other offenses.

An accused British hacker, Ryan Cleary, 20, was indicted by a federal grand jury in June on charges related to LulzSec attacks on several media companies, including Sony Pictures.

Kretsinger, who pleaded guilty to the same two charges now facing Rivera, is slated to be sentenced on October 25. A federal prosecutor said he would likely receive substantially less than the 15-year maximum prison term carried by those offenses.

Anonymous and its offshoots focused initially on fighting attempts at Internet regulation and the blocking of free illegal downloads but have since taken aim at the Church of Scientology, global banking and other targets.

Anonymous, and LulzSec in particular, became notorious in late 2010 when they launched what they called the "first cyber war" in retaliation for attempts to shut down Wikileaks.

Saudi Aramco said that it had put its network back online on Saturday, 10 days after a malware attack floored 30,000 workstations at the oil giant.

In a statement, Saudi Arabia's national oil firm said that it had "restored all its main internal network services" hit by a malware outbreak that struck on 15 August. The firm said its core business of oil production and exploration was not affected by the attack, which resulted in a decision to suspend Saudi Aramco's website for a period of a few days, presumably as a precaution. Corporate remote access services were also suspended as a result of the attack.

Oil and production systems were run off "isolated network systems" unaffected by the attack, which the firm has pledged to investigate. In the meantime, Saudi Aramco promised to improve the security of its network to guard against fresh assaults.

Saudi Aramco has restored all its main internal network services that were impacted on August 15, 2012, by a malicious virus that originated from external sources and affected about 30,000 workstations. The workstations have since been cleaned and restored to service. As a precaution, remote Internet access to online resources was restricted. Saudi Aramco employees returned to work August 25, 2012, following the Eid holidays, resuming normal business. The company confirmed that its primary enterprise systems of hydrocarbon exploration and production were unaffected as they operate on isolated network systems. Production plants were also fully operational as these control systems are also isolated.

A previously unknown group called Cutting Sword of Justice claimed responsibility for the attack, which affected three in four of the estimated 40,000 workstations used by the oil giant. The group said that it had hacked Saudi Aramco in retaliation against the Al-Saud regime for the "crimes and atrocities taking place in various countries around the world, especially in the neighboring countries such as Syria, Bahrain, Yemen, Lebanon [and] Egypt".

The group said it hacked Aramco after compromising systems in "several countries" before implanting malware to "destroy 30,000 computers" within Aramco's network. The group made this claim about the number of infected machines days before Saudi Aramco confirmed that the same number of machines had been hit, lending credibility to the hacker group's claims.

Neither victim nor perpetrator named the malware that featured in the attack, but security researchers implicated the Shamoon malware in the security breach (analysis by Seculert). Shamoon, which emerged days before the assault, has both the capability to over-write data on infected machines and to destroy Master Boot Record files, thus making infected Windows machines impossible to boot.

Over-written files were reportedly replaced by an image of a burning US flag.

According to researchers, the malware also has the capacity to extract information from compromised machines before uploading it to the internet.

Core router names and admin passwords along with email address and supposed password of Saudi Aramco chief exec, Khalid A Al-Falih, were uploaded to Pastebin on Monday. The latest leak may be a result of the threatened follow-up attack, due to take place last weekend, rather than the fruits of the original malware-fuelled assault.

Rob Rachwald, director of security strategy at Imperva, described the Saudi Aramco attack as the first hacktivist-style assault to use malware.

"In the past, hacktivists have typically used application or distributed denial of service (DDoS) attacks - in which they clog a website with traffic until it goes offline. However, the attack on Saudi Aramco is the first significant use of malware in a hacktivist attack. Hacktivists rarely use malware, if other hacktivists jump on this trend it could become very dangerous," he said.

Similar data-wiping malware disrupted systems at Iranian oil exploration facilities in May in an attack that led researchers at Kaspersky Lab to the discovery of the Flame cyber-espionage tool. US gas prospecting firms have been hit by previous attacks, most of which are suspected to have been state-sponsored.

It seems wise to view claims that the Saudi Aramco assault was a case of politically motivated hacktivism with some skepticism, at least until a clearer picture of the previously unknown Cutting Sword of Justice group emerges. It could be that the group is motivated solely by hitting back at Saudi's ruling royal family for the country's support in putting down Arab Spring-style revolts in other nations, such as Bahrain, but other motives are also possible.

More commentary on the information security aspects of the attack can be found in a post on Sophos' Naked Security blog.

Cyber crime worth billions of euros is going unreported because companies are failing to admit to security breaches, according to a paper released Tuesday (28 August) by the EU's internet security agency.

In "Cyber incident reporting in the EU" the European Network and Information Security Agency (ENISA) highlighted a series of regulatory gaps in EU cyber laws. In its conclusions, ENISA admitted that although "large outages and large data breaches receive extensive media coverage.... many breaches, however, remain undetected and if detected, are not reported to authorities and not known to the public."

The report highlighted five major cyber incidents which all went unreported, including an 'IP hijacking' case in April 2010 where China Telecom fed incorrect routing information instructing US and other international Internet traffic to feed through Chinese servers, swallowing 15% of global Internet use in less than 20 minutes.

In a press statement accompanying the report, co-authors Dr Marnix Dekker and Chris Karsberg admitted that “cyber incidents are most commonly kept secret when discovered, leaving customers and policymakers in the dark about frequency, impact and root causes.”

Commenting that the "lack of transparency and lack of information about incidents makes it difficult for policy makers to understand the overall impact", the report added that this, in turn, "complicates the effort in the industry to understand and address cyber security incidents."

Under the EU Telecoms directive adopted in 2009, service providers are required to report "all significant security breaches" to ENISA and national data supervisors. Meanwhile, provisions of the recently adopted e-privacy directive require service providers to report all security lapses compromising personal data.

ENISA revealed that it had received 51 incident reports for 2011-2012, the first year of mandatory reporting requirements, saying that it would publish an overview of cyber-security breaches in September and annual reports from spring 2013 onwards.

However, the data was incomplete, with a number of member states yet to implement the directive into national law, it said. ENISA executive director Professor Udo Helmbrecht insisted that EU cyber policy should extend the reporting provisions for companies, describing it as "essential to obtain a true cyber security picture."

A Eurobarometer in July revealed that one in ten Europeans had been victims of data theft, while online security firm McAfee estimated that cyber-crime cost businesses $750bn (€600bn) in lost income across the world in 2011.

EU Digital Agenda Commissioner Neelie Kroes has repeatedly promised plans for a detailed cyber security strategy, including a European Cyber-Crime Centre based in Europol's Dutch headquarters, which will start work in 2013. Speaking in January at the World Economic Forum, Kroes called for concerted action on cyber-crime, claiming that there was a 10% chance of a major break-down of the worldwide computer network.